Collective cyber protection: How customer penetration testing boosts Kinde security
By Alex Norman
As an authentication provider, we are the front door for our customers’ products and a critical part of their product access and security. So when a customer conducts penetration testing (pen testing) and security testing, and shares the results with us, we reward their efforts, especially if their testing helps us improve Kinde for other customers.
A lot of our customers operate in highly regulated industries, such as healthcare, finance, and local government, which have a variety of compliance and security requirements to protect user and product data. A common requirement for these business types is to conduct a penetration test at least annually. One part that will always be tested is how users authenticate with the product.
While using Kinde’s authentication helps streamline testing for our customers, the varied context of their testing gives us broad test feedback across different cases. For example, each customer implements different SDKs, stores code differently, and handles the application state in various ways. What occurs post-authentication is also varied, giving us perspectives we might otherwise not have.
At Kinde, we perform a pen test at least annually, and do additional random testing when major new functions or features are added to our product. In addition to the penetration test, we also perform weekly vulnerability scans, run on-demand scans based on recently published vulnerabilities, and run a vulnerability disclosure program. These all contribute towards securing customer authentication for ourselves and our customers.
You can read a bit more about this on our blog in “Fixing vulnerabilities and getting the occasional white hat helper” and “Using Strike for penetration testing at Kinde”.
The customers who conduct penetration tests throughout the year and share the results deserve more than just a thank you or a virtual high five. By providing critical test data, these highly reputable security companies and organizations help keep auth secure for everyone who uses Kinde.
If you’re a Kinde customer and have completed a penetration test where the authentication was in scope, please reach out to our team via support@kinde.com.
We ask you to provide details of the tests, as well as any additional info to help us recreate your environment (SDK, active auth methods, etc.) if a vulnerability is found. Here’s the process on our side.
- A customer provides a shortened or sanitised version of a pen test report showing evidence of Kinde’s authentication flows being tested and validated.
- The Kinde team analyses and validates the report and, if vulnerabilities were found, offers quick remediation to address security concerns.
- Any advice or remediation we provide can then be included in your final testing reports.
In return for a sanitised or truncated copy of the penetration test report, we offer credits to your Kinde account. We don’t want the full report since it likely contains intellectual property and sensitive data.
A credit for one month of your base plan will be applied to your account. So the credit will be $25 for the Pro plan, $75 for the Plus plan, and $250 for the Scale and Enterprise plans. We will still apply credits for a penetration test report even if there weren’t any actual findings related to Kinde, as long as authentication is in scope.
If the penetration test finds any vulnerabilities that could impact the security of our authentication, we will send the testing company some swag and list them on our Security wall of fame.
Credits and swag are solely at the discretion of the Kinde team. We will only credit one test per year.
Cybersecurity works best when everyone’s working together. That’s why we openly recognize the customers who contribute to the overall security of Kinde.
If you’re new to Kinde, check out our starter kits and SDKs to get off the ground quickly.
For advice and feedback, join one of our public communities or search for answers in our documentation. Or if you have bigger questions, book a demo with one of our amazing team members.